OSVDB ID: 2544 Title: Microsoft ASP.NET Request Validation Bypass |
Info |
|
|
Dates |
||||
|
|
Description |
A vulnerability exists in the request validation mechanism employed by Microsoft ASP.NET. This vulnerability allows an attacker to send a request which will pass the framework's built-in input validation leading to arbitrary script execution in the context of the browser. |
Classification |
Location:
Remote/Network Access Required
Attack Type: Input Manipulation Impact: Loss of Integrity Solution: No Solution Exploit: Exploit Available |
Solution |
Currently, there are no known upgrades or patches to correct this issue. It is possible to correct the flaw by implementing the following workaround(s): Perform IO sanitization programmatically without relying on the framework. |
Products |
|
References |
|
Credit |
|